From: Matthew Seaman
Organization: Infracaninophile
Date: Sun, 18 Apr 2010 09:19:30 +0100
To: Aiza
Cc: kurt seel, FreeBSD Questions
Subject: Re: Ping from jail not permitted error
Message-ID: <4BCAC092.9090701@infracaninophile.co.uk>
In-Reply-To: <4BCA7D4A.6060309@comclark.com>

On 18/04/2010 04:32:26, Aiza wrote:
> kurt seel wrote:
>> Aiza wrote:
>>> My jail has public internet access because I can do pkg_add -r
>>> unix2dos and the package does install. But when I enter ping -c 2
>>> freebsd.org I get message "ping: socket: Operation not permitted"
>>> There is no firewall running in the jail.
>>>
>>> Any ideas would be helpful.
>>>
>>> Thanks
>>
>> ICMP is disallowed by default for jails, see the sysctl :
>> security.jail.allow_raw_sockets
>> There are good reasons for this default, so if you test remember to
>> set it back when you are done.
>> Also, on a point of style, jails in their current form (see VIMAGE)
>> do not get a network stack of their own so they don't have a firewall but
>> share the hosts' network and firewall, etc.
>>
>>
> I don't have man vimage. Is this part of Freebsd?

It's in 8.0 and above -- VIMAGE is a kernel configuration option. It's
a work in progress. See:

http://wiki.freebsd.org/Image/TODO?highlight=%28vnet%29

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
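
The "set it back when you are done" advice quoted above, as an added example that is not part of the original thread: a /bin/sh wrapper for the jail host that saves the current value of security.jail.allow_raw_sockets, sets it to 1 for a single command, and restores the saved value afterwards. The function names, the SYSCTL override variable, the script name and the jail id in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Run as root on the jail host.
KNOB=security.jail.allow_raw_sockets   # the sysctl named in the thread
SYSCTL=${SYSCTL:-sysctl}               # assumption: overridable for dry runs

# Put the saved value back; complain loudly if the knob is left changed.
_restore_knob() {
    $SYSCTL "$KNOB=$_old" >/dev/null
    [ "$($SYSCTL -n "$KNOB")" = "$_old" ] && return 0
    echo "WARNING: $KNOB was not restored to $_old" >&2
    return 1
}

# with_raw_sockets CMD [ARGS...]
# Runs CMD with the knob set to 1 and returns CMD's exit status.
# Returns 2 if the knob could not be read or set, 3 if the restore failed.
with_raw_sockets() {
    _old=$($SYSCTL -n "$KNOB") || return 2
    trap '_restore_knob; exit 130' INT TERM HUP   # restore if interrupted
    $SYSCTL "$KNOB=1" >/dev/null || { trap - INT TERM HUP; return 2; }
    _rc=0
    "$@" || _rc=$?
    _restore_knob || _rc=3
    trap - INT TERM HUP
    return "$_rc"
}

# Usage on the host (script name and jail id 1 are placeholders):
#   sh rawsock-test.sh jexec 1 ping -c 2 freebsd.org
[ "$#" -eq 0 ] || with_raw_sockets "$@"
```

Where jails are configured with per-jail parameters, the corresponding setting is allow.raw_sockets in jail(8).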